The parameters that can be set on this Administration Console page can
also be accessed programmatically via the Java interfaces that are
identified in this help topic. For API information about those interfaces,
see Related Topics.

The Java class that overrides the default username mapper class
with which the SAML 2.0 Identity Asserter provider is configured in
this security realm.

If specified, this class is a custom implementation of the
com.bea.security.saml2.providers.SAML2IdentityAsserterNameMapper
interface and is used for assertions received from this specific
Identity Provider partner.

Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.IdPPartner
interface.

An optional set of URIs from which unauthenticated users will be
redirected to the Identity Provider partner.

Note the following:

A URI may include a wildcard pattern, but the wildcard pattern
must include a file type to match specific files in a directory. For
example, to create a match for all files in the
/targetapp directory, including all .jsp,
.html, and .htm files, the following
wildcard patterns are specified:

/targetapp/*/targetapp/*.jsp/targetapp/*.html/targetapp/*.htm

If two or more Identity Provider partners are configured that
are capable of authenticating a user for a given URI in this list,
the authentication request is sent to the first matching partner
that the SAML 2.0 services finds.

The use of Redirect URIs is only one mechanism for enabling a
Service Provider initiated web single sign-on session. Another is to
embed the Service Provider initiator service URI (by default, this
is sp/sso/initiator) in the URI of the requested
resource.

Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.WebSSOIdPPartner
interface.

Specifies whether authentication requests sent to this Identity
Provider partner must be signed.

If this attribute is set to true, authentication
requests sent to this Identity Provider partner are signed, even if
the SAML 2.0 Service Provider configuration for the local site are not
set to automatically sign authentication requests.

Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.WebSSOIdPPartner
interface.

The URL of the custom web application that generates the POST form
for carrying the SAML response for Artifact bindings to this Identity
Provider partner. Details about the required fields in this custom
application are available in the OASIS SAML 2.0 specifications.

Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.WebSSOPartner
interface.

The URL of the custom web application that generates the POST form
for carrying the SAML response for POST bindings to this Identity
Provider partner.

If a custom POST form is used, the parameters will be made
available as a Map of names and values, but the form may or may not be
constructed to include the parameters in the POSTed data. Details
about the required fields in this custom application are available in
the OASIS SAML 2.0 specifications.

Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.WebSSOPartner
interface.